package com.green.springsecuritydemo1.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

/**
 * 自定义登录页面
 */
@Configuration
@EnableWebSecurity
//基于方法的鉴权
@EnableMethodSecurity
public class SecurityConfig2 {

    //配置权限相关的配置
    //安全框架本质都是一对过滤器，to_login进行放行
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        //配置关闭csrf机制
        http.csrf(csrf -> csrf.disable());
        //设置哪些路径不需要拦截
        //requestMatchers匹配资源路径 可以使用ant语法，也可以使用正则表达式
        // permitAll任意访问，anyRequest其他任意请求，authenticated需要认证之后
        http.authorizeHttpRequests(auth ->
                        //通过配置的方式控制访问权限
//                auth.requestMatchers("hello/test1").hasAnyAuthority("test1:show")//需要某种权限才能访问
//                        auth.requestMatchers("hello/test1").hasAnyRole("admin", "user")//需要某种角色才能访问

                        auth
                                .requestMatchers("to_login")
                                .permitAll()
                                .anyRequest()
                                .authenticated()
        );
        //
        http.formLogin(formLogin -> formLogin.loginPage("/to_login")
                .loginProcessingUrl("/doLogin")//处理前端的请求，与form表单的action一致
                .usernameParameter("username")//用户名
                .passwordParameter("password")//密码
                .defaultSuccessUrl("/index")//登录成功，调用对应的接口
        );
        return http.build();
    }


    @Bean
    public UserDetailsService userDetailsService() {
        //定义用户信息
        UserDetails admin = User.withUsername("xiaozhang")
                .password("$2a$10$Fd9AEPELMeHj6jqgpbGkweGj5SP7Awbx0gVaEcnUeTrYttlBZLkBu")
                .roles("admin", "user")
                .authorities("test1:show","user:list","user:name")
                .build();

        UserDetails vipUser = User.withUsername("user")
                .password("$2a$10$Fd9AEPELMeHj6jqgpbGkweGj5SP7Awbx0gVaEcnUeTrYttlBZLkBu")
                .roles("", "user")
                .build();
        InMemoryUserDetailsManager userDetailsManager = new InMemoryUserDetailsManager();
        userDetailsManager.createUser(admin);
        userDetailsManager.createUser(vipUser);
        return userDetailsManager;
    }

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        //构建密码编码器
        return new BCryptPasswordEncoder();
    }
}
